Hệ thống xếp lịch học tín chỉ cho sinh viên CNTT trên PHP & MySQL
111.081 lượt xem;
- link.php
- project /
1 <?php
2 $currDir=dirname(__FILE__);
3 include("$currDir/defaultLang.php");
4 include("$currDir/language.php");
5 include("$currDir/lib.php");
6
7 // upload paths
8 $p=array(
9 );
10
11 if(!count($p)) getLink();
12
13 // default links
14 $dL=array(
15 );
16
17 // receive user input
18 $t=$_GET['t']; // table name
19 $f=$_GET['f']; // field name
20 $i=makeSafe($_GET['i']); // id
21
22 // validate input
23 if(!in_array($t, array_keys($p))) getLink();
24 if(!in_array($f, array_keys($p[$t])) || $f=='primary key') getLink();
25 if(!$i && !$dL[$t][$f]) getLink();
26
27 // user has view access to the requested table?
28 if(!check_record_permission($t, $_GET['i'])) getLink();
29
30 // send default link if no id provided, e.g. new record
31 if(!$i){
32 $path=$p[$t][$f];
33 if(preg_match('/^(http|ftp)/i', $dL[$t][$f])){ $path=''; }
34 @header("Location: {$path}{$dL[$t][$f]}");
35 exit;
36 }
37
38 getLink($t, $f, $p[$t]['primary key'], $i, $p[$t][$f]);
39
40 function getLink($table='', $linkField='', $pk='', $id='', $path=''){
41 if(!$id || !$table || !$linkField || !$pk){ // default link to return
42 exit;
43 }
44
45 if(preg_match('/^Lookup: (.*?)::(.*?)::(.*?)$/', $path, $m)){
46 $linkID=makeSafe(sqlValue("select `$linkField` from `$table` where `$pk`='$id'"));
47 $link=sqlValue("select `{$m[3]}` from `{$m[1]}` where `{$m[2]}`='$linkID'");
48 }else{
49 $link=sqlValue("select `$linkField` from `$table` where `$pk`='$id'");
50 }
51
52 if(!$link){
53 exit;
54 }
55
56 if(preg_match('/^(http|ftp)/i', $link)){ // if the link points to an external url, don't prepend path
57 $path='';
58 }elseif(!is_file(dirname(__FILE__)."/$path$link")){ // if the file doesn't exist in the given path, try to find it without the path
59 $path='';
60 }
61
62 @header("Location: $path$link");
63 exit;
64 }
2 $currDir=dirname(__FILE__);
3 include("$currDir/defaultLang.php");
4 include("$currDir/language.php");
5 include("$currDir/lib.php");
6
7 // upload paths
8 $p=array(
9 );
10
11 if(!count($p)) getLink();
12
13 // default links
14 $dL=array(
15 );
16
17 // receive user input
18 $t=$_GET['t']; // table name
19 $f=$_GET['f']; // field name
20 $i=makeSafe($_GET['i']); // id
21
22 // validate input
23 if(!in_array($t, array_keys($p))) getLink();
24 if(!in_array($f, array_keys($p[$t])) || $f=='primary key') getLink();
25 if(!$i && !$dL[$t][$f]) getLink();
26
27 // user has view access to the requested table?
28 if(!check_record_permission($t, $_GET['i'])) getLink();
29
30 // send default link if no id provided, e.g. new record
31 if(!$i){
32 $path=$p[$t][$f];
33 if(preg_match('/^(http|ftp)/i', $dL[$t][$f])){ $path=''; }
34 @header("Location: {$path}{$dL[$t][$f]}");
35 exit;
36 }
37
38 getLink($t, $f, $p[$t]['primary key'], $i, $p[$t][$f]);
39
40 function getLink($table='', $linkField='', $pk='', $id='', $path=''){
41 if(!$id || !$table || !$linkField || !$pk){ // default link to return
42 exit;
43 }
44
45 if(preg_match('/^Lookup: (.*?)::(.*?)::(.*?)$/', $path, $m)){
46 $linkID=makeSafe(sqlValue("select `$linkField` from `$table` where `$pk`='$id'"));
47 $link=sqlValue("select `{$m[3]}` from `{$m[1]}` where `{$m[2]}`='$linkID'");
48 }else{
49 $link=sqlValue("select `$linkField` from `$table` where `$pk`='$id'");
50 }
51
52 if(!$link){
53 exit;
54 }
55
56 if(preg_match('/^(http|ftp)/i', $link)){ // if the link points to an external url, don't prepend path
57 $path='';
58 }elseif(!is_file(dirname(__FILE__)."/$path$link")){ // if the file doesn't exist in the given path, try to find it without the path
59 $path='';
60 }
61
62 @header("Location: $path$link");
63 exit;
64 }